Poppler is a Portable Document Format (PDF) rendering library, used byapplications such as Evince.

Multiple integer overflow flaws were found in poppler. An attacker couldcreate a malicious PDF file that would cause applications that use poppler(such as Evince) to crash or, potentially, execute arbitrary code whenopened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188)

Multiple buffer overflow flaws were found in poppler's JBIG2 decoder. Anattacker could create a malicious PDF file that would cause applicationsthat use poppler (such as Evince) to crash or, potentially, executearbitrary code when opened. (CVE-2009-0146, CVE-2009-1182)

Multiple flaws were found in poppler's JBIG2 decoder that could lead to thefreeing of arbitrary memory. An attacker could create a malicious PDF filethat would cause applications that use poppler (such as Evince) to crashor, potentially, execute arbitrary code when opened. (CVE-2009-0166,CVE-2009-1180)

Multiple input validation flaws were found in poppler's JBIG2 decoder. Anattacker could create a malicious PDF file that would cause applicationsthat use poppler (such as Evince) to crash or, potentially, executearbitrary code when opened. (CVE-2009-0800)

Multiple denial of service flaws were found in poppler's JBIG2 decoder. Anattacker could create a malicious PDF file that would cause applicationsthat use poppler (such as Evince) to crash when opened. (CVE-2009-0799,CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Braden Thomas and Drew Yao of the Apple ProductSecurity team, and Will Dormann of the CERT/CC for responsibly reportingthese flaws.

Users are advised to upgrade to these updated packages, which containbackported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-releasederrata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to usethe Red Hat Network to apply this update are available athttp://kbase.redhat.com/faq/docs/DOC-11259